Lessons from the latest OIG advisory opinion on MSO’s and telemedicine arrangements, but CPOM questions remain

June 30, 2025

Blog Post

The healthcare industry continues to evolve, with management services organizations (MSOs) and professional corporations (PCs) playing a pivotal role in delivering both clinical and administrative services. As these models expand—whether in telehealth or traditional brick-and-mortar settings—ensuring compliance with federal fraud and abuse law is critical. Additionally, the intersection of federal fraud and abuse laws with state corporate practice of medicine (CPOM) doctrines presents complex challenges for structuring management services organizations and professional corporation arrangements in healthcare. The recent Office of Inspector General (OIG) Advisory Opinion No. 25-03, which addressed a telehealth MSO-PC arrangement, provides valuable guidance for structuring compliant and scalable business relationships when examining the federal Anti-Kickback statute (AKS) and its safe harbors, but does not address state-level CPOM concerns. This OIG Advisory Opinion No. 25-03, distills its key facts and compliance requirements, and explores the critical state law considerations, including recent legislative and enforcement developments in CPOM. By synthesizing federal and state perspectives, the article provides a comprehensive roadmap for MSOs and provider groups seeking to build compliant, scalable, and sustainable business relationships in today’s evolving healthcare landscape.

Understanding the OIG advisory opinion: Key facts and findings

The OIG opinion reviewed a proposed arrangement in which a management support organization provided non-clinical services to a PC, while the PC leased healthcare professionals (HCPs) from third-party telehealth provider groups. The PC would then bill payors for telehealth services delivered by these leased HCPs. The arrangement also included administrative services such as accounting, marketing, scheduling, and IT support, all provided by the MSO.

The OIG concluded that the arrangement, as described, would indeed be offering and paying remuneration to the platform entities in the form of the Service Fee. When the platform PC refers platform patients to requestor PC for services that are reimbursable by a federal health care program; therefore, AKS would be implicated.

However, OIG concluded the service fee would be protected under the safe harbor for personal services and management contracts found under 42 C.F.R. § 1001.952(d)(1)).

Key compliance strategies for MSOs and provider groups

Crucially the requestor was given this favorable opinion in large part because it certified would meet all of the conditions of the safe harbor for personal services and management contracts and outcomes-based payment arrangements at 42 C.F.R. § 1001.952(d)(1).

Key compliance safeguards and factors in the OIG’s determination included:

Written, signed agreements: The arrangement was governed by a written agreement, signed by all parties, with a term of at least one year, and specifying all services to be provided. All terms, including services provided and compensation, should be fully documented in a written agreement.
Advance specification of compensation: The methodology for determining compensation (both for leasing healthcare professionals and for administrative services) was set in advance, consistent with fair market value, and not determined by the volume or value of referrals or business generated between the parties.
Fair market value payments: All payments were to be established at fair market value, as determined by an independent third-party valuator, and not linked to the amount of business or referrals.
No influence over referrals: The parties certified that they would not control or influence patient allocation decisions when both the MSO-affiliated PC and the telehealth provider group had contracts with the same payor.
Commercial reasonableness: The services contracted for were commercially reasonable and did not exceed what was necessary for the legitimate business purpose.
No promotion of unlawful activities: The arrangement did not involve the counseling or promotion of any business arrangement or activity that would violate state or federal law.

By satisfying all elements of the safe harbor, the OIG concluded that the arrangement would not generate prohibited remuneration under the AKS and thus would not be subject to administrative sanctions.

All payments for clinical and administrative services must reflect fair market value, ideally established by a reputable, independent third-party valuator. This approach helps insulate the arrangement from allegations of disguised kickbacks, clearly delineating between clinical services (provided by the PC or leased providers) and administrative/non-clinical services (provided by the MSO). This separation is essential to reduce risk under AKS and other fraud and abuse laws.

Ensuring that the arrangement avoids any arrangement or conduct that could be construed as steering, incentivizing, or influencing patient referrals based on financial considerations was also noted, as has been common in other OIG opinions. The OIG also specifically noted that the requestors would not control or influence patient allocation when both entities had contracts with the same payor as another key factor.

Applicability of the safe harbor framework to telehealth and traditional MSO-PC models

The safe harbor framework analyzed in the OIG opinion is not limited to telehealth arrangements; it is equally applicable to traditional, in-person MSO-PC models. The core requirements—written agreements, advance specification of services and compensation, fair market value, and separation of clinical and administrative functions—are universal compliance principles that transcend the modality of care delivery. In essence, the OIG’s reasoning and the safe harbor framework serve as a compliance roadmap for all MSO-PC relationships, not just those involving telehealth.

This opinion highlights several specific practices and arrangements that MSOs and provider groups should avoid to remain compliant and minimize legal risk:

Volume or value-based compensation: Do not structure compensation in a way that takes into account the volume or value of referrals or other business generated between the parties. This is a direct violation of the AKS and is not protected by the safe harbor.
Excessive or unnecessary services: Avoid contracting for services that are not commercially reasonable or that exceed what is necessary for the legitimate business purpose. Over-contracting can be seen as a vehicle for improper remuneration.
Bundled or undocumented financial relationships: Do not enter into side agreements or ancillary arrangements that are not fully disclosed and documented. All financial relationships must be transparent and included in the primary written agreement.
Improper influence over clinical decision-making: MSOs should not interfere with or direct clinical care decisions. Clinical independence must be preserved to avoid both compliance and licensure issues.
Lack of ongoing compliance monitoring: Failing to regularly review and update arrangements for compliance with federal and state laws, as well as payor contract requirements, can expose organizations to significant risk.

By steering clear of these practices and adhering to the safe harbor requirements, MSOs and provider groups can structure compliant, scalable business arrangements that withstand regulatory scrutiny in both telehealth and traditional care environments.

However, the OIG opinion is explicit in its limitations: it applies only to the federal AKS and does not address compliance with other federal, state, or local laws, including CPOM doctrine. The OIG specifically states that it does not opine on whether the arrangement would comply with state law or payor contract requirements, and that its opinion is not binding on any agency other than HHS.

CPOM and state law considerations

The CPOM doctrine, enforced in many states, prohibits corporations or non-physician entities from practicing medicine or employing physicians to provide clinical services. The doctrine is designed to ensure that medical decisions remain in the hands of licensed professionals, free from commercial influence. States vary widely in their enforcement and interpretation of CPOM, and in recent years, several states have increased scrutiny and enforcement actions against arrangements that appear to violate these principles.

Several states are recognized for having the most stringent and actively enforced CPOM laws, including California, New Jersey, New York, and Texas. These states strictly prohibit non-physicians and lay entities from owning, controlling, or interfering with the clinical judgment of physicians. Enforcement actions in these jurisdictions are frequent and often result in significant penalties for violations.

Recent Litigation and Enforcement Actions

In the summer of 2024, Envision Healthcare reached a settlement with the American Academy of Emergency Medicine Physician Group (AAEM-PG) in a closely watched lawsuit in California. The case centered on allegations that Envision’s business model violated California’s CPOM doctrine by allowing lay control over emergency medicine practices. The settlement required Envision to restructure its operations to ensure compliance with California’s CPOM laws and to safeguard physician independence in clinical decision-making. American Academy of Emergency Medicine Physician Group v. Envision Healthcare Corp., No. 3:22-cv-00421 (N.D. Cal. settled July 2024).

Hospital Internists of Texas, along with Hospital Internists of Austin and Texas APN, filed suit alleging that staffing companies Quantum Plus and Lonestar Hospital Medical Associates violated Texas’s CPOM laws by attempting to exercise improper control over patient care. Quantum Plus and Lonestar are an indirect subsidiary and an affiliate, respectively, of Team Health Holdings, Inc., which is owned by Blackstone Group. The litigation highlights Texas’s ongoing commitment to enforcing CPOM laws and preventing lay interference in the practice of medicine.
Hospital Internists of Texas, P.A. v. Quantum Plus, LLC, No. D-1-GN-23-000123 (200th Dist. Ct., Travis County, Tex. filed Jan. 2023).

Another example is Oregon’s SB 951, signed into law on June 9, 2025, which significantly tightens restrictions on management services organizations (MSOs) that provide administrative support to medical practices. Building on Oregon’s longstanding CPOM law—which already requires that medical practices be majority-owned by state-licensed physicians—the new law introduces several key changes aimed at further protecting physician autonomy and limiting corporate influence.

The law now bars not only corporations but also employees, shareholders, directors, officers, members, and managers of MSOs from holding majority ownership interests in medical practices. This closes potential loopholes that previously allowed MSOs to exert indirect control through ownership structures.

SB 951 specifically enumerates a range of activities that MSOs are prohibited from engaging in, as these are considered to confer “de facto” control over medical decision-making. MSOs may not:

Hire, fire, set work schedules or compensation, or otherwise dictate employment terms for medical licensees;
Set clinical staffing levels or determine how long a provider spends with a patient;
Make decisions on diagnostic coding;
Establish clinical standards or policies;
Set billing and collection policies for patients;
Advertise medical services under a non-medical entity’s name;
Set prices or rates for medical services;
Negotiate, execute, or enforce contracts with third-party payors on behalf of the medical practice.

These restrictions are designed to ensure that all key clinical and business decisions remain with the physician owners, rather than with MSOs or other non-physician entities.

The law also prohibits MSOs from entering into stock transfer restriction agreements with medical practice owners. Such agreements, commonly used to maintain alignment between MSOs and practices, are now disallowed, requiring MSOs to seek alternative methods for structuring their relationships.

The new restrictions do not apply to certain entities, such as hospitals, behavioral health providers, and telemedicine providers, nor to individuals who provide healthcare services and own less than a 10% interest in a professional medical entity. The law also provides a phased implementation: MSO restrictions take effect January 1, 2026, for new entities and ownership transfers, while existing entities have until January 1, 2029, to comply.

SB 951 further restricts corporate control with the below provisions applying immediately after the laws pass for new or renewed contracts:

Prohibiting certain noncompetition agreements that would limit the ability of physicians or nurses to practice; and
Voiding non-disclosure and non-disparagement agreements between medical licensees and MSOs or hospitals under specified circumstances.

Potential conflicts between OIG opinion and state CPOM laws

While the OIG opinion provides a federal safe harbor for certain MSO-PC arrangements under the AKS, it does not preempt or override state CPOM laws. An arrangement that is compliant with the AKS and the OIG’s safe harbor could still be found to violate state CPOM prohibitions if, for example:

The MSO exerts undue influence over clinical decision-making or physician employment.
The PC is not truly owned and controlled by a licensed physician, or the physician’s role is nominal.
The arrangement is structured in a way that, in substance, allows a non-physician entity to practice medicine or direct clinical care.

State enforcement agencies may view certain MSO-PC structures—especially those involving telehealth or cross-state operations—as attempts to circumvent CPOM, even if they are compliant with federal AKS requirements. This can result in investigations, fines, or even the forced unwinding of business arrangements.

Key takeaways for MSOs and provider groups

In summary, while the OIG advisory opinion offers valuable federal guidance, it is only one piece of the compliance puzzle. State CPOM laws may impose additional, and sometimes conflicting, requirements that must be carefully navigated to avoid regulatory risk.

Dual compliance required: Compliance with the OIG’s safe harbor and federal AKS is necessary but not sufficient. MSOs and provider groups must also ensure their arrangements comply with all applicable state CPOM laws and regulations.
State law variability: The permissibility of MSO-PC models varies significantly by state, and recent trends show increased scrutiny and enforcement, particularly in states with strong CPOM doctrines.
Physician-related documentation: Agreements, job descriptions, and employee manuals—should clearly state and demonstrate that physicians will exercise their own independent medical judgment at all times in addition to prohibiting non-medical professionals and entities from influencing clinical decision-making. Additionally, arrangements clearly reflect this division in daily operations.
Ongoing monitoring: Organizations should regularly review their structures and operations in light of evolving state law and enforcement trends, especially as telehealth and multi-state practices expand, and as new opportunities and new physicians and staff complete onboarding

If you have any questions regarding the content of this article, contact a member of McDonald Hopkins' Healthcare Practice Group.

The Centers for Medicare & Medicaid Services (CMS) is proposing to loosen the time requirements for billing remote physiologic monitoring (RPM) and remote therapeutic monitoring (RTM)

The Centers for Medicare & Medicaid Services (CMS) recently announced the Wasteful and Inappropriate Services Reduction (WISeR) Model, which will provide potential opportunities for companies that have the technology and expertise for prior authorization and pre-payment review starting in 2026.

The Peterson Center on Healthcare published a report, which analyzed the use of remote physiologic monitoring (RPM) and remote therapeutic monitoring (RTM) from 2019 through 2023 and related benefits and billing patterns, and proposed policy changes.